CVE-2023-28771: Zyxel Multiple Firewalls OS Command Injection Vulnerability
First published: Tue Apr 25 2023(Updated: )
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.
Credit: security@zyxel.com.tw security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel firewall | ||
| Zyxel Multiple Firewalls | ||
| Zyxel ATP100 Firmware | >=4.60<5.36 | |
| Zyxel ATP100 Firmware | ||
| Zyxel ATP100W Firmware | >=4.60<5.35 | |
| Zyxel ATP100W Firmware | ||
| Zyxel ATP200 firmware | >=4.60<5.36 | |
| Zyxel ATP200 firmware | ||
| Zyxel ATP500 Firmware | >=4.60<5.36 | |
| Zyxel ATP500 Firmware | ||
| Zyxel ATP700 Firmware | >=4.60<5.36 | |
| Zyxel ATP700 Firmware | ||
| Zyxel ATP800 | >=4.60<5.36 | |
| Zyxel ATP800 Firmware | ||
| Zyxel USG Flex 100 firmware | >=4.60<5.36 | |
| Zyxel USG FLEX 100 | ||
| Zyxel USG FLEX 100w firmware | >=4.60<5.36 | |
| Zyxel USG FLEX 100w firmware | ||
| Zyxel USG FLEX 200 | >=4.60<5.36 | |
| Zyxel USG FLEX 200 firmware | ||
| Zyxel USG FLEX 50(W) series firmware | >=4.60<5.36 | |
| Zyxel USG FLEX 50 | ||
| Zyxel USG FLEX 500 | >=4.60<5.36 | |
| Zyxel USG FLEX 500 firmware | ||
| Zyxel USG FLEX 50w | >=4.60<5.36 | |
| Zyxel USG FLEX 50(W) series firmware | ||
| Zyxel USG FLEX 700 firmware | >=4.60<5.36 | |
| Zyxel USG FLEX 700 firmware | ||
| Zyxel VPN100 | >=4.60<5.36 | |
| Zyxel VPN100 Firmware | ||
| Zyxel VPN1000 Firmware | >=4.60<5.36 | |
| Zyxel VPN1000 Firmware | ||
| Zyxel Zywall VPN 300 Firmware | >=4.60<5.36 | |
| Zyxel VPN300 | ||
| Zyxel Zywall VPN 50 Firmware | >=4.60<5.36 | |
| Zyxel VPN50 Firmware | ||
| Zyxel ZyWALL USG 310 firmware | >=4.60<4.73 | |
| Zyxel ZyWALL USG 310 firmware | =4.73 | |
| Zyxel ZyWALL USG 310 | ||
| Zyxel ZyWALL USG 100 | >=4.60<4.73 | |
| Zyxel ZyWALL USG 100 | =4.73 | |
| Zyxel ZyWALL USG 100 firmware | ||
| All of | ||
| Zyxel ATP100 Firmware | >=4.60<5.36 | |
| Zyxel ATP100 Firmware | ||
| All of | ||
| Zyxel ATP100W Firmware | >=4.60<5.35 | |
| Zyxel ATP100W Firmware | ||
| All of | ||
| Zyxel ATP200 firmware | >=4.60<5.36 | |
| Zyxel ATP200 firmware | ||
| All of | ||
| Zyxel ATP500 Firmware | >=4.60<5.36 | |
| Zyxel ATP500 Firmware | ||
| All of | ||
| Zyxel ATP700 Firmware | >=4.60<5.36 | |
| Zyxel ATP700 Firmware | ||
| All of | ||
| Zyxel ATP800 | >=4.60<5.36 | |
| Zyxel ATP800 Firmware | ||
| All of | ||
| Zyxel USG Flex 100 firmware | >=4.60<5.36 | |
| Zyxel USG FLEX 100 | ||
| All of | ||
| Zyxel USG FLEX 100w firmware | >=4.60<5.36 | |
| Zyxel USG FLEX 100w firmware | ||
| All of | ||
| Zyxel USG FLEX 200 | >=4.60<5.36 | |
| Zyxel USG FLEX 200 firmware | ||
| All of | ||
| Zyxel USG FLEX 50(W) series firmware | >=4.60<5.36 | |
| Zyxel USG FLEX 50 | ||
| All of | ||
| Zyxel USG FLEX 500 | >=4.60<5.36 | |
| Zyxel USG FLEX 500 firmware | ||
| All of | ||
| Zyxel USG FLEX 50w | >=4.60<5.36 | |
| Zyxel USG FLEX 50(W) series firmware | ||
| All of | ||
| Zyxel USG FLEX 700 firmware | >=4.60<5.36 | |
| Zyxel USG FLEX 700 firmware | ||
| All of | ||
| Zyxel VPN100 | >=4.60<5.36 | |
| Zyxel VPN100 Firmware | ||
| All of | ||
| Zyxel VPN1000 Firmware | >=4.60<5.36 | |
| Zyxel VPN1000 Firmware | ||
| All of | ||
| Zyxel Zywall VPN 300 Firmware | >=4.60<5.36 | |
| Zyxel VPN300 | ||
| All of | ||
| Zyxel Zywall VPN 50 Firmware | >=4.60<5.36 | |
| Zyxel VPN50 Firmware | ||
| All of | ||
| Any of | ||
| Zyxel ZyWALL USG 310 firmware | >=4.60<4.73 | |
| Zyxel ZyWALL USG 310 firmware | =4.73 | |
| Zyxel ZyWALL USG 310 | ||
| All of | ||
| Any of | ||
| Zyxel ZyWALL USG 100 | >=4.60<4.73 | |
| Zyxel ZyWALL USG 100 | =4.73 | |
| Zyxel ZyWALL USG 100 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-Code-Execution.html
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls;
- https://nvd.nist.gov/vuln/detail/CVE-2023-28771
Frequently Asked Questions
What is CVE-2023-28771?
CVE-2023-28771 is a vulnerability that allows an unauthenticated attacker to execute OS commands remotely on Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls.
How can an attacker exploit CVE-2023-28771?
An attacker can exploit CVE-2023-28771 by sending crafted packets to the affected Zyxel firewall devices.
Which Zyxel firewall products are affected by CVE-2023-28771?
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls are affected by CVE-2023-28771.
How severe is CVE-2023-28771?
CVE-2023-28771 is a critical vulnerability that allows remote code execution on affected Zyxel firewall devices.
Is there a fix available for CVE-2023-28771?
Yes, Zyxel has released a security advisory with mitigation measures for CVE-2023-28771.
- zeroday/true
- agent/type
- agent/description
- agent/weakness
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/last-modified-date
- agent/trending
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- vendor/zyxel
- canonical/zyxel firewall
- canonical/zyxel multiple firewalls
- canonical/zyxel atp100 firmware
- version/zyxel atp100 firmware/4.60
- canonical/zyxel atp100w firmware
- version/zyxel atp100w firmware/4.60
- canonical/zyxel atp200 firmware
- version/zyxel atp200 firmware/4.60
- canonical/zyxel atp500 firmware
- version/zyxel atp500 firmware/4.60
- canonical/zyxel atp700 firmware
- version/zyxel atp700 firmware/4.60
- canonical/zyxel atp800
- version/zyxel atp800/4.60
- canonical/zyxel atp800 firmware
- canonical/zyxel usg flex 100 firmware
- version/zyxel usg flex 100 firmware/4.60
- canonical/zyxel usg flex 100
- canonical/zyxel usg flex 100w firmware
- version/zyxel usg flex 100w firmware/4.60
- canonical/zyxel usg flex 200
- version/zyxel usg flex 200/4.60
- canonical/zyxel usg flex 200 firmware
- canonical/zyxel usg flex 50(w) series firmware
- version/zyxel usg flex 50(w) series firmware/4.60
- canonical/zyxel usg flex 50
- canonical/zyxel usg flex 500
- version/zyxel usg flex 500/4.60
- canonical/zyxel usg flex 500 firmware
- canonical/zyxel usg flex 50w
- version/zyxel usg flex 50w/4.60
- canonical/zyxel usg flex 700 firmware
- version/zyxel usg flex 700 firmware/4.60
- canonical/zyxel vpn100
- version/zyxel vpn100/4.60
- canonical/zyxel vpn100 firmware
- canonical/zyxel vpn1000 firmware
- version/zyxel vpn1000 firmware/4.60
- canonical/zyxel zywall vpn 300 firmware
- version/zyxel zywall vpn 300 firmware/4.60
- canonical/zyxel vpn300
- canonical/zyxel zywall vpn 50 firmware
- version/zyxel zywall vpn 50 firmware/4.60
- canonical/zyxel vpn50 firmware
- canonical/zyxel zywall usg 310 firmware
- version/zyxel zywall usg 310 firmware/4.60
- version/zyxel zywall usg 310 firmware/4.73
- canonical/zyxel zywall usg 310
- canonical/zyxel zywall usg 100
- version/zyxel zywall usg 100/4.60
- version/zyxel zywall usg 100/4.73
- canonical/zyxel zywall usg 100 firmware